Server-Side Request Forgery (SSRF) Explained
ฝัง
- เผยแพร่เมื่อ 9 เม.ย. 2023
- Purchase my Bug Bounty Course here 👉🏼 bugbounty.nahamsec.training
Buy Me Coffee:
www.buymeacoffee.com/nahamsec
Live Every Sunday on Twitch:
/ nahamsec
Free $100 DigitalOcean Credit:
m.do.co/c/3236319b9d0b
Follow me on social media:
/ nahamsec
/ nahamsec
twitch.com/nahamsec
hackerone.com/nahamsec
/ nahamsec1
Github:
github.com/nahamsec
Nahamsec's Discord:
discordapp.com/invite/ucCz7uh
#offensivesecurity #redteam #bugbounty #hackerone #hackers #hacking #infosec #hackingtutorial #owasp #educational - วิทยาศาสตร์และเทคโนโลยี
hey Ben, we surely already love your content, but, for those like me, who are new to the industry, trying to learn and move forward, we need the technical, very basic content, this will help us understand more in depth how things goes. thank you again for the great content you are delivering, and for the amount of dedication you are putting in
When there is an issue or something you understand you should go down the rabbit hole and” master “ it. I’m sure you’re doing well now, this comment was a year ago! But this comment is for people just learning 😁
Content + real vulnerability example would be great 🔥
Never thought I could learn SSRF in a more comprehensive way by under 15 minutes! Thanks man!
Thanks! I'm glad it helped!
While I may not have commented before, I've been an avid admirer of your work. As an aspiring pentester, I find your technical content to be precisely what I seek. While your other content is commendable, it's ultimately the expertise you bring that I look up to for learning. Your contributions are truly appreciated.
As CEO of a startup please keep this stuff coming. It took a lot to convince the dev team that exploits weren’t just down to weak passwords so I arranged an in house demo. Jaws dropped. This stuff builds so much awareness. Thank you!
OFC it would be truly helpful to see more content like this
Hey I absolutely love this, I would love to learn from more technical videos like this.
Fully in with technical vids, especially when you chain these with Real life vulns you have found 👌
Yes, this is great. From a web developer perspective. I'm trying to under how my server side applications could be hacked and this is great content. Please, continue.
Thanks for helpful content! It would be great if u could do more specific showcases about blind SSRF. For example there is a case that I only receive the DNS queries back to the collab. I guess because of outbound restriction but it seems like the server was trying to reach to that domain. Any way in this case that you can prove the ssrf is there with just DNS? Or do you have any suggestion on setting up things in internal network to prove the vulnerability is there?
Was a long comment but hope u could imagine the case 😂 thanks
Man, keep both coming.!! maybe pick a day to post technical and assign another day for the mentorship aspects or something... Either way ... BOTH ARE EQUALLY IMPORTANT FOR SUCCESS!! ...Also i would love a video on how to transfer from labs /ctf into hacking real world apps. As the fundamentals are the same or close but also very different in alot of ways.
100% both. I like the nuance you teach here. For example login page and SSRF. This is fantastic content.
Content + real+technical aspect of pen testing and bug hunting .Thanks
Thank you very much, I hope you'll continue doing these kind of videos 😊
More content is needed like this along with real life examples that you experienced during bug bounty or other testing application
fantastic :o , i would like to see a full and advanced recon video from you :)
Yes, more content like this please 😁
Waiting for this type of content ; please Continue Ben :)
Hi man, I would like to hear you how to do bug bounties exactly and maybe if you can show on live all the necessary steps to do it
Yea would love this type of content plz part 2
Is Bola and idor the same type of vulnerability with different names
Just what we need Ben 😊 thank you 👏🏻
Haya!
I have quite a lot of experience in pentesting webapps, but i do not have any experience in hosting an instance of a webserver, securing it or being able to load an insecure server, but in a secure way cause we don't want a creepy scanner rooting it and being malicious when i want to test it :P
So my question, could you make a lill tutorial in how to, for example, use a docker or maybe host a site in different means through a Digital Ocean instance? :P
Would be fun to learn a little bit about it and then being able to pentest towards it. By learning this, one can use your knowledge to host a file hosting instance to make an RFI etc, which is a bit difficult without an outwards facing host ^^
Stay safe and happy late Easter!
we need more part of this
Love this!
Please, if possible, cover these advanced topics like How to bypass Drupal CMS or other secured CMS? How to bypass HARD WAF protection that stops HTML, SQL, and XSS injection payloads? Payload single-double-triple encoding using Cyber-Chef? How to find the real origin IP of secured websites behind Cloudflare, Akamai, ModSecurity, AWS CDN, etc.,? How to bypass Hard WAF using SQLMAP or Burpsuite? How to find hidden vulnerable parameters and endpoints inside the .js and .jason files? How to find hidden admin pages, cPanel pages, and WHM pages ? Please cover these important topics. Thanks
yes please, give us more content of this kind.
You are great bro
Super down with more technical content!
Perfect type of content 😃👍
Would love to see more technical content! TIA
What to do if we don't have burp collaboraor ?
We really want this explain bugs for beginners and give us some advice about the bug i really wish u make playlist for this !! thank u alot
Hi NahamSec, I'm a regular viewer of your content.can you make video on business logic in dept!! waiting for it
East or West, naham is the best.
Great Content; More Please 🤑
I would like to see one of the vulnerabilities you have found and walk through the info gathering stage all the way to the post exploit while explaining the mindset/methodology
Soon :)
Epic, Part 2 please.
I love this content make more please
More please!
part 2? more content like this!
Yes more content like this pls
both content is fine and some free tutorials
Part 2 please
😍
stay consistent big bro
Preach!
I’d love more technical videos
part 2 or complete playlist on the web Vuln
more content like this please
more content like THIS!
More content like this 🙂🙏❤️🔥
💙
More part 2. Need more technical vids
Ben One Suggestio | Make a precise playlist of OWASP TOP 10 2021 | Like a 10 min video / on each critical vulnerability
More parts on this topic ..
Vulnerability content or owasp top 10 pls
MORE CONTENT !!!
Part 2 please....
More real bugbouty tech work
more and more plz
Part 2!
Part two
More pls =)
Drop video with all of the topic you mentioned in the video.
😊
more content on web attacks
It was awesome
Next xxe plz
Creat a playlist content like the types of vulnerabilities and bugs that are common or rate easy to hard like xss or account takover
please post content like this...thank you
more content like thiss
I think you should pivot to doing Unboxing Videos. If that's not in the cards then please keep the technical videos coming!
More, more more real world how to once we have done recon. We need to know the steps on how to find bugs.
part 7 we want
more vcontent like this cover all top 10 owasp vulnerability please...
More content
I would like to see basic contents like this.
Both....
we need location traking tutorial
PART 2 BRO DEFO
PART-2
Want more vdo
web hacking content more please
yup yup more tutorials for hacking and IT stuff how to do ore bypass
I love you naham
Part2
part 2
I reported my browser 😂
theory is all good but when it comes to practical i'm hopeless.
Part 2 ,,4,5,6,7,8,9,-----,99999
location hack
I make hacking videos
Bad explanation with a lot or wrong info
Part 2
part 2
Part 2